EAP 6 documentation had some chapters on implementing and using custom authenticator valves, see

• https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html-single/Development_Guide/index.html#About_Authenticator_Valves
• https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html-single/Development_Guide/index.html#Configure_a_Web_Application_to_use_an_Authenticator_Valve

In EAP 7, the same is achieved using custom Undertow authentication mechanisms. We should have documentation for that. I'm thinking about something very similar in size, no very deep dive, but explain the basic concepts.

The basic wiring of Undertow auth mechanisms is a bit different from auth valves, I've already described it here https://issues.jboss.org/browse/JBEAP-4197?focusedCommentId=13194402&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13194402 That is, IMHO, the most important part of this work.